System information
1. CONFIGURATION OVER WEB BROWSER
Continued from previous page
Item Description
Pre-shared Key Sharable key for both parties tunnel.
CA Certificate This certificate is necessary to insert Authentication mode x.509.
Remote Certificate This certificate is necessary to insert Authentication mode x.509.
Local Certificate This certificate is necessary to insert Authentication mode x.509.
Local Private Key This private key is necessary to insert Authentication mode
x.509.
Local Passphrase This Local Passphrase is necessary to insert Authentication
mode x.509.
Extra Options Use this parameter to define additional parameters of the IPsec
tunnel, for example secure parameters etc.
Table 33: OpenVPN tunnels configuration
The certificates and private keys have to be in PEM format. As certificate it is possible to
use only certificate which has start and stop tag certificate.
Random time, after which it will re-exchange of new keys are defined:
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
By default, the repeated exchange of keys held in the time range:
• Minimal time: 1h - (9m + 9m) = 42m
• Maximal time: 1h - (9m + 0m) = 51m
When setting the times for key exchange is recommended to leave the default setting in
which tunnel has guaranteed security. When set higher time, tunnel has smaller operating
costs and smaller the safety. Conversely, reducing the time, tunnel has higher operating costs
and higher safety of the tunnel.
The changes in settings will apply after pressing the Apply button.
41
LUCOM GmbH * Ansbacher Str. 2a * 90513 Zirndorf * Tel. 09127/59 460-10 * Fax. 09127/59 460-20 * www.lucom.de